Developing Secure Mobile Applications for Android
http://www.isecpartners.com/files/iSEC_Securing_Android_Apps.pdf
CS 595
James Zachary Howland
Background
• Designed with security in mind
• Data sharing must be done explicitly
• Potentially harmful applications are limited by user
• Every application is its own user
• Applications are signed by developers
• Uses manifest to specify permissions
Intents and Pending Intents
• What are Intents?
• Bad Data and Intent Filters
• Callbacks should probably use PendingIntents
Activities
• Allow code reuse
• Intent Filter note
• Security concerns
Broadcasts
• Allows components to communicate
• Sensitive data
• Sticky Broadcasts
Services
• Secure calls into Services
Content Providers and File Access
• Permission Style
• Avoiding SQL Injection
• Nothing should be world-writable
• SD Card
Binders
• What are Binders?
• Security
Conclusion
• Android developed with security in mind
• Very specific methods for IPC
• Keep It Simple